SSL SocketRead should retry on noErr

Description

Summary

Sometimes calls to SocketRead return 0 bytes but with errno = 0. Those cases should be handled identically to EAGAIN but instead return a fatal error. This is causing issues with the SIPE plugin connecting to Office365 accounts (and possibly in other plugins?)

Steps to reproduce

With the SIPE plugin the only step needed to reproduce is to configure an Office365 account.

Expected results

Successful connection to server.

Actual results

Connection fails with:

(Libpurple: cdsa) receive failed (-9802): Undefined error: 0

Regression

Able to reproduce with Adium 1.5.x on OS 10.8.x; have not tried on earlier Adium or OSX builds.

Notes

Identical account configuration and plugin version work under Pidgin on Windows, Linux and Mac. Increasing the receive buffer (to minimize calls to read) also serves as a workaround but is not a true fix.

Oldest firstNewest firstThreaded

Comments only

Change History (17)

This seems to make sense (I'm not very familiar with this code myself).

SocketRead checks if the result of read is <= 0, and handles errno == 0 and rrtn == 0 as a errSSLFatalAlert, while that seems to indicate "no data available right now" (why doesn't it set EAGAIN, though?).

I'm having another look at this and I think the original request was wrong. man 2 read says:

If successful, the number of bytes actually read is returned. Upon reading end-of-file, zero is returned. Otherwise, a -1 is returned and the global variable errno is set to indicate the error.

Therefore, reading 0 bytes must imply the socket is closed, no matter if errno is 0 or EAGAIN. It's true that the code doesn't handle that properly, but the right thing to do when reading 0 bytes is to close the socket.

(In ​e9b20f65795c) I hope this is the proper fix to #16356: When any data has been read in the SocketRead for-loop, return noErr when we encounter an EOF. On the next call, it will return errSSLClosedGraceful.

Applying the hook patch to Adium and the activation in the SIPE plugin results in successful connections to both Lync and Yahoo! and their respective buggy SSL implementations.

I rebuilt both on my machine using the following (not sure why the Adium source doesn't build out of the box without a 'make clean' first, but that's OT and probably something I'm doing wrong). Works on Mac OS X 10.9.3, Adium 1.5.10, and SIPE 1.18.1 with the aforementioned patches.

Sadly, I didn't realize there was no support for the SIPE plugin in 10.7 and there is no one maintaining a release for OS X 10.7 or Xcode 4.6… so I'm stuck.

I don't know anything about this code and I gather the fix is supposed to be easy but after several hours of troubleshooting, I'm giving up for the night.

I guess there is some code in use that was introduced in 10.8 and later which prevents us from building (or even moving binaries) to an 'old' 10.7 system. When building on 10.9.3 and moving the binaries to 10.7.5, the SIPE plugin doesn't load at all.

Here's what the build failures look like on 10.7.5 / Xcode 4.6.

I guess we're going to go back to Adium 1.5.9 and disable Yahoo! again… we have to support Lync for work.

(In ​5a28350c3d82) Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.

Here's what I've tried to get Yahoo! support working again on Mac OS X 10.7.5 since receiving this update today. On 10.7, I have Xcode 4.6.3.

Built the default branch from ​https://hg.adium.im/adium; examining Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c, it doesn't appear that the 5a28350c3d82 patch came down with it; it built successfully but it doesn't run at all, crashes with:

... also worked, but still gives "Error: Error reading from login.yahoo.com: Undefined error: 0" when connecting to a Yahoo! account.

As far I can tell, there's either something I needed to have from 1.7hg to go with 5a28350c3d82 in order to make this work - something I can't do because 1.7hg just SIGABRTs - or the changes in 5a28350c3d82 don't fix the problem for 10.7.5.

I can test 5a28350c3d82 on my 10.9.3 system if that's a helpful data point, but I already have a fix for both Yahoo! and SIPE (which also broke with 1.5.10 - the aforementioned patches at ​http://sourceforge.net/p/sipe/bugs/249/#621e) that works great on Mac OS X 10.9.3.

Previously provided patches have corrected the issue connecting to the Yahoo! service but they only work on Mac OS X 10.9 and I believe I've read that they never work on anything prior. ​https://trac.adium.im/wiki/SupportedOSPolicy states "As of Adium 1.5, we support: 10.6.8 and newer" so hopefully there's still hope.

Thank you for your help thus far. Please let me know if there's anything else I can do.